Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modify kube-flannel.yaml to use rbac.authorization.k8s.io/v1 #1342

Merged
merged 1 commit into from
Oct 15, 2020
Merged

Modify kube-flannel.yaml to use rbac.authorization.k8s.io/v1 #1342

merged 1 commit into from
Oct 15, 2020

Conversation

vanou
Copy link
Contributor

@vanou vanou commented Sep 1, 2020
edited
Loading

Description

[Type of fix] : Bug

This commit modifies Document/kube-flannel.yaml to use ClusterRole & ClusterRoleBinding of rbac.authorization.k8s.io/v1.

Before this commit, rbac.authorization.k8s.io/v1beta1 is used at kube-flannel.yaml. However, from Kubernetes v1.17, this v1beta1 version is deprecated and rbac.authorization.k8s.io/v1 becomes GA.

At the time of writing this commit, latest Kubernets version is v1.19. So, according to Kubernetes support policy, only v1.19, v1.18 & v1.17 are supported and it's safe to use rbac.authorization.k8s.io/v1 now.

Todos

  • Tests
  • Documentation
  • Release note

Release Note

None required

rajatchopra
rajatchopra approved these changes Sep 15, 2020
View reviewed changes
Copy link
Contributor

@rajatchopra rajatchopra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

AleksandrNull
AleksandrNull reviewed Sep 15, 2020
View reviewed changes
Copy link
Contributor

@AleksandrNull AleksandrNull left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Can you please also change docs to reflect that change (just to have a reference that new roles wouldn't be compatible with <1.17 ?

@vanou
Copy link
Contributor Author

vanou commented Sep 17, 2020

Thanks @rajatchopra & @AleksandrNull !
I modified README.md & Documentation/kubernetes.md.

I split Older versions of Kubernetes section of Documentation/kubernetes.md into two subsections:

  1. For Kubernetes v1.6~v1.15

    This subsection holds all text Older versions of Kubernetes section held before this commit and talks about how to use manifests under Documentation/k8s-manifests.

    I name this subsection v1.6~v1.15 because

    • rbac.authorization.k8s.io/v1beta1 used in Documentation/k8s-manifests/kube-flannel-rbac.yml appears from Kubernetes version v1.6 (In v1.5, no v1beta1 and only v1alpha1. But from v1.6, v1beta1 appears.)

    • extensions/v1beta1 DaemonSet used in Documentation/k8s-manifests/kube-flannel-legacy.yml is deprecated in k8s v1.16

    • another k8s resource version is supported in this range (v1.6~v1.15)

  2. For Kubernetes v1.16

    This subsection refers that user should replace rbac.authorization.k8s.io/v1 in kube-flannel.yaml to rbac.authorization.k8s.io/v1beta1 under K8s v1.16.

@vanou
Modify kube-flannel.yaml to use rbac.authorization.k8s.io/v1
8a1bcf6 
This commit modifies Documentation/kube-flannel.yaml to use
ClusterRole & ClusterRoleBinding of 'rbac.authorization.k8s.io/v1'.

Before this commit, 'rbac.authorization.k8s.io/v1beta1' is used at
kube-flannel.yaml. However, from Kubernetes v1.17, this v1beta1
version is deprecated and 'rbac.authorization.k8s.io/v1' becomes GA.

At the time of writing this commit, latest Kubernets version is v1.19.
So, according to Kubernetes support policy, only v1.19, v1.18 & v1.17
are supported and it's safe to use 'rbac.authorization.k8s.io/v1' now.

This commit also modifies docs to mention this change.
@vanou vanou force-pushed the modify_kube-flannenYaml_to_use_rbacAuthorizationK8sIo_v1 branch from 51543b3 to 8a1bcf6 Compare September 17, 2020 07:23
@PontusTideman PontusTideman mentioned this pull request Sep 25, 2020
Closed
@vanou vanou mentioned this pull request Oct 2, 2020
Closed
3 tasks
@vanou
Copy link
Contributor Author

vanou commented Oct 2, 2020

Kindly ping:
Hello @rajatchopra & @AleksandrNull . I know you're very busy. It's thankful for you to give feedback when you have a time.

Thank you.

@rajatchopra rajatchopra merged commit 5a4cdae into flannel-io:master Oct 15, 2020
czomo
czomo reviewed Dec 13, 2021
View reviewed changes
Documentation/kubernetes.md
@@ -31,6 +33,10 @@ This file does not bundle RBAC permissions. If you need those, run
If you didn't apply the `kube-flannel-rbac.yml` manifest and you need to, you'll see errors in your flanneld logs about failing to connect.
* `Failed to create SubnetManager: error retrieving pod spec...`

### For Kubernetes v1.16

`kube-flannel.yaml` uses `ClusterRole` & `ClusterRoleBinding` of `rbac.authorization.k8s.io/v1`. When you use Kubernetes v1.16, you should replace `rbac.authorization.k8s.io/v1` to `rbac.authorization.k8s.io/v1beta1` because `rbac.authorization.k8s.io/v1` had become GA from Kubernetes v1.17.
Copy link

@czomo czomo Dec 13, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rbac.authorization.k8s.io/v1 is added to k8s since 1.8.0, source We don't need to add that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@czomo czomo czomo left review comments

@AleksandrNull AleksandrNull AleksandrNull left review comments

@rajatchopra rajatchopra rajatchopra approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vanou @rajatchopra @AleksandrNull @czomo